Photo Station
Approved changes feed: RSS · Atom
cpe:2.3:a:qnap_systems_inc.:photo_station:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Qnap Systems Inc. (1f66ac1e-0889-51bf-b27f-24c7175e5920) |
|---|---|
| Product | Photo Station (f5faa8bf-3191-5f5d-9ca5-660ad70d73af) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-32770 |
vulnerable | 2026-06-03 14:55:48.002342 |
Photo Station
MEDIUM (6.3)
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
Published: 2024-11-22T15:33:46.880Z
Updated: 2024-11-22T16:44:56.903Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32769 |
vulnerable | 2026-06-03 14:55:48.001994 |
Photo Station
MEDIUM (6.3)
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
Published: 2024-11-22T15:33:52.295Z
Updated: 2024-11-22T16:44:56.748Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32768 |
vulnerable | 2026-06-03 14:55:48.001626 |
Photo Station
MEDIUM (6.3)
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
Published: 2024-11-22T15:33:58.050Z
Updated: 2024-11-22T16:44:56.621Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32767 |
vulnerable | 2026-06-03 14:55:48.000021 |
Photo Station
MEDIUM (6.3)
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
Published: 2024-11-22T15:34:04.301Z
Updated: 2024-11-22T16:44:56.514Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12923 |
vulnerable | 2026-06-03 14:54:23.429726 |
Photo Station
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.5 ( 2025/01/02 ) and later
Published: 2025-08-29T17:02:32.452Z
Updated: 2025-08-29T17:15:37.423Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47562 |
vulnerable | 2026-06-03 14:53:17.656104 |
Photo Station
HIGH (7.4)
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 ( 2023/12/15 ) and later
Published: 2024-02-02T16:05:48.610Z
Updated: 2025-05-07T20:07:46.277Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47561 |
vulnerable | 2026-06-03 14:53:17.655722 |
Photo Station
MEDIUM (5.5)
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 ( 2023/12/15 ) and later
Published: 2024-02-02T16:05:42.663Z
Updated: 2024-08-02T21:09:37.392Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47221 |
vulnerable | 2026-06-03 14:53:17.213953 |
Photo Station
MEDIUM (5.5)
A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 ( 2023/12/15 ) and later
Published: 2024-03-08T16:15:23.594Z
Updated: 2024-08-02T21:01:22.965Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27593 |
vulnerable | 2026-06-03 14:46:47.549421 |
DeadBolt Ransomware
CRITICAL (10)
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
Published: 2022-09-08T11:00:15.069Z
Updated: 2025-10-21T23:15:35.935Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44057 |
vulnerable | 2026-06-03 14:45:35.430361 |
Improper authentication in Photo Station
HIGH (7.1)
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later
Published: 2022-05-05T16:50:29.108Z
Updated: 2024-09-16T22:56:14.146Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34356 |
vulnerable | 2026-06-03 14:44:44.747728 |
Stored XSS Vulnerability in Photo Station
HIGH (7.6)
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later
Published: 2021-10-01T02:50:19.306Z
Updated: 2024-09-16T16:52:47.065Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34355 |
vulnerable | 2026-06-03 14:44:44.747321 |
Stored XSS Vulnerability in Photo Station
HIGH (7.6)
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later
Published: 2021-10-01T02:50:17.806Z
Updated: 2024-09-16T22:24:56.305Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34354 |
vulnerable | 2026-06-03 14:44:44.745707 |
Stored Cross-site Scripting Vulnerability in Photo Station
HIGH (7.6)
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later
Published: 2021-10-01T02:50:16.306Z
Updated: 2024-09-17T03:53:47.488Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2502 |
vulnerable | 2026-06-03 14:42:30.461272 |
Cross-site Scripting Vulnerability in Photo Station
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later
Published: 2021-02-17T03:25:14.261Z
Updated: 2024-09-16T23:06:30.137Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2491 |
vulnerable | 2026-06-03 14:42:30.425880 |
Cross-site Scripting Vulnerability in Photo Station
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later
Published: 2020-12-10T03:34:06.628Z
Updated: 2024-09-17T00:56:10.939Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19956 |
vulnerable | 2026-06-03 14:38:29.914003 |
Details available
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
Published: 2020-11-02T15:57:02.771Z
Updated: 2024-09-16T17:08:36.080Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19955 |
vulnerable | 2026-06-03 14:38:29.913637 |
Details available
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
Published: 2020-11-02T15:57:02.727Z
Updated: 2024-09-16T20:52:17.922Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19954 |
vulnerable | 2026-06-03 14:38:29.912615 |
Details available
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.
Published: 2020-11-02T15:57:02.671Z
Updated: 2024-09-16T19:51:40.378Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-20210 |
vulnerable | 2026-06-03 14:37:06.538186 |
Photo Station
Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.
Published: 2025-11-11T09:45:36.383Z
Updated: 2025-11-13T15:45:42.002Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.